Re: [wpkg-users] WPKG and Vista UAC
WPKG path user is a domain account (in the Domain Users group) which has access to the network share where the SW is.
WPKG execution context user is SYSTEM.
This combination doesn't work (access denied).

Tomasz Chmielewski wrote:
> Vladimír Pšenička wrote:
>> I tested a clean Vista installation joined to the domain, with the WPKG client (service) run with the SYSTEM account and UAC enabled, and the results are:
>>
>> In the event log there are errors for each package, for example:
>> Command '%SOFTWARE%\tools\acroread\AdbeRdr812_cs_CZ.exe /sAll /rs was not successful. Access is denied
>>
>> %SOFTWARE% = \\server\apps
>>
>> So WPKG service with SYSTEM account cannot read packages from network share.
>
> Yes, because SYSTEM user doesn't know anything about network credentials.
> Configure WPKG path user and give network credentials there - it doesn't have to be a domain admin account; a limited user which can only access this share is sufficient and recommended.

--
Vladimir Psenicka
IT system engineer
Prodeco a.s.

-
Reporting bugs, all WPKG mailing lists http://wpkg.org/Support
___
wpkg-users mailing list
wpkg-users@lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users
Re: [wpkg-users] WPKG and Vista UAC
Yes, Samba share, Samba version is 3.0.24, I don't have ACL support enabled. But the WPKG path user (domain user) can access the Samba share (read) without problem.

Marco Gaiarin wrote:
> Hello! Vladimír Pšenička
>   On that day it was said...
>
>> So WPKG service with SYSTEM account cannot read packages from network share.
>
> Samba share?
>
> I recently hit a problem that I was not able to track down and understand, only to circumvent.
>
> After upgrading from sarge (samba 3.0.18) to etch (3.0.24), wpkg *ON* *SOME* *WINXPsp2* *BOX* exhibits exactly this behaviour: 'guest access' works from every user apart from SYSTEM.
> The strange thing was that only some machines have that, and every box has the same Windows version, revision, patchlevel, ...
>
> I circumvented this by enabling full ACL support and setting ACLs for the share; before that I used simple permissions based on group and force user/force group statements.
>
> Never understood why. ;(

--
Vladimir Psenicka
IT system engineer
Prodeco a.s.
Re: [wpkg-users] WPKG and Vista UAC
Hi Vladimir,

Please read the Rules: http://wpkg.org/Support

Vladimír Pšenička wrote:
> WPKG path user is domain account (in Domain Users group), which have access to network share, where is SW
> WPKG execution context users is SYSTEM
> This combination doesn't work (access denied)

For me it does perfectly. I guess you probably did not specify a full user name including the domain prefix. You need to specify the username to access the share in the form domain\user, not user, as Windows will use a local user name in this case.

Here is a sample configuration which works for me (settings.xml):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <file>\\software\RemInst\wpkg\wrapper.js</file>
  <path-user>MYDOMAIN\domainuser</path-user>
  <path-password>*hashed-password*</path-password>
  <exec-user>SYSTEM</exec-user>
  <exec-password></exec-password>
  <parameters>/synchronize</parameters>
  <silent>YES</silent>
  <pre-action></pre-action>
  <post-action></post-action>
  <show-GUI>NO</show-GUI>
  <logon-delay>0</logon-delay>
  <logon-message-1>Installing apps.</logon-message-1>
  <logon-message-2>do not reboot</logon-message-2>
  <script-variable name="SOFTWARE">\\software\RemInst\software</script-variable>
  <script-variable name="SETTINGS">\\software\RemInst\settings</script-variable>
  <priority>normal</priority>
  <stop-service-after-done>YES</stop-service-after-done>
  <laptop-mode>YES</laptop-mode>
  <server-connecting-method>standard</server-connecting-method>
  <server-connecting-ip>software</server-connecting-ip>
  <server-connecting-timeout>3</server-connecting-timeout>
  <server-connecting-script-timeout>3</server-connecting-script-timeout>
  <server-connecting-script-file></server-connecting-script-file>
</configuration>

br,
Rainer
Re: [wpkg-users] WPKG and Vista UAC
Hello! Vladimír Pšenička
  On that day it was said...

> Yes samba share, samba version is 3.0.24, I don't have ACL support enabled. But WPKG path user (domain user) can access samba share (read) without problem.

Clearly this is not my case. I use guest access because I use WPKG to install only 'free' (as in beer or better as in speech ;) applications.

Probably, as suggested by others, you have forgotten the domain part.

Anyway, if this is not the case, try to enable the ACL with inheritance:

    nt acl support = yes
    inherit acls = yes
    map acl inherit = yes
    map archive = no
    map hidden = no
    map system = no
    store dos attributes = yes
    dos filemode = yes

and set up the ACL (I use Windows Explorer).

--
dott. Marco Gaiarin                         GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''         http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it   tel +39-0434-842711   fax +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
Re: [wpkg-users] WPKG and Vista UAC
Rainer Meier wrote:
> For me it does perfectly. I guess you probably did not specify a full user name including the domain prefix. You need to specify the username to access the share in the form domain\user, not user, as Windows will use a local user name in this case.

One more note regarding this topic. Remember that Windows only supports connections to one server using single user credentials. This means that if you already have some connections to your server, WPKG will not be able to connect to your share using different credentials.

This can become a problem, for example, if a network printer is attached from the same server where you want to connect your software share from. In such a case you won't be able to connect, as Windows will always use guest credentials for the software share as well, due to the fact that it already connected to the printer using guest credentials. This is a very annoying feature of Windows.

So my work-around was always as follows - and it worked perfectly:

I entered a host alias name in smb.conf:

    netbios aliases = software

And this alias is used only for software distribution (no printers or other stuff connected to this alias). So my printer is connected at \\server\printername, while WPKG uses the \\software\RemInst share.

br,
Rainer
Re: [wpkg-users] Questions about offline mode and executing the wpkg service
Hi,

Everyone experiencing logon delay window being shown when the network cable was disconnected - could you try:

http://wpkg.org/files/client/beta/WPKG%20Client%201.3.1-2.msi

It is a test version made just to verify this problem, so please don't report other problems about this release.

To use it:

- uninstall the previous WPKG Client version (reboot may be needed),
- yes, I meant uninstall; do not just upgrade,
- install this version, use these or similar settings:

  a) Logon settings: logon delay of 5 minutes
  b) Misc settings: log to file C:\wpkg.log
  c) Offline mode settings: Enable offline mode + IP of your server

1) Start with the network cable plugged in, copy C:\wpkg.log, C:\wpkglogon.txt
2) Start with the network cable unplugged, copy C:\wpkg.log, C:\wpkglogon.txt

If the issue is still not solved for you, reply to the list and say it doesn't work (and please send me the above mentioned files off-list).

If the issue is solved, you don't have to send any files - just let me know that it works.

--
Tomasz Chmielewski
http://wpkg.org
Re: [wpkg-users] WPKG and Vista UAC
So local settings done with the wpkg service are OK (no errors) on Vista, for example:

<package id="firewall - vnc" name="Open port TCP 5900 on Windows" revision="4" reboot="false" notify="false" priority="100" execute="once">
  <install cmd='%COMSPEC% /C if exist %SYSTEMROOT%\system32\netsh.exe netsh firewall add portopening TCP 5900 VNC enable subnet' />
  <remove cmd='%COMSPEC% /C if exist %SYSTEMROOT%\system32\netsh.exe netsh firewall delete portopening TCP 5900' />
</package>

so I tested the same settings on an XP machine and it doesn't work either.

Log from the Samba machine:

[2008/05/23 12:32:45, 3] smbd/error.c:error_packet(146)
  error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2008/05/23 12:32:45, 3] smbd/process.c:process_smb(1110)
  Transaction 111 of length 86
[2008/05/23 12:32:45, 3] smbd/process.c:switch_message(914)
  switch message SMBtconX (pid 5113) conn 0x0
[2008/05/23 12:32:45, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/05/23 12:32:45, 2] smbd/service.c:make_connection_snum(569)
  guest user (from session setup) not permitted to access this share (install)
[2008/05/23 12:32:45, 3] smbd/error.c:error_packet(146)

The problem is that the guest user cannot access the share, so I added guest ok = yes to smb.conf. Before this I had a Domain Admin account as the WPKG execution context user, so access to the share wasn't a problem, but Vista with UAC didn't work (need to elevate user rights).

Finally I have:
---
WPKG path user: domain user
WPKG execution context user: SYSTEM
guest ok = yes in smb.conf in share definition on samba machine
---
and everything works fine on XP and Vista with UAC.

Thank you for your help

Tomasz Chmielewski wrote:
> Vladimír Pšenička wrote:
>> Yes samba share, samba version is 3.0.24, I don't have ACL support enabled. But WPKG path user (domain user) can access samba share (read) without problem.
>
> Check your Samba logs.
>
> The easiest way would be to:
>
> Set them to log level = 3.
> Make the log size of 1000.
> Clear the log (but not remove it!) for the given workstation - from bash prompt, do:
>
> # > /var/log/samba/log.workstation_name
>
> Then, from a cmd.exe window do (started as Administrator):
>
> net stop "WPKG service"
> net start "WPKG service"
>
> Check Samba log for that workstation, it will give you some hint on where you connect to, with what credentials, and why it fails (or succeeds).

--
Vladimir Psenicka
IT system engineer
Prodeco a.s.
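A small parser for the kind of smbd log lines quoted in this message, added here as an example and not part of the original thread: it pairs each header with its message and reports every tree connect that was refused because the session had been mapped to guest. The sample log is constructed in the layout shown above (the second timestamp is made up), and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample (log level 3); the last record is flattened onto one line on purpose.
SAMPLE_LOG = """\
[2008/05/23 12:32:45, 3] smbd/process.c:switch_message(914)
  switch message SMBtconX (pid 5113) conn 0x0
[2008/05/23 12:32:45, 2] smbd/service.c:make_connection_snum(569)
  guest user (from session setup) not permitted to access this share (install)
[2008/05/23 12:32:45, 3] smbd/error.c:error_packet(146)
  error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2008/05/23 12:33:10, 2] smbd/service.c:make_connection_snum(569) guest user (from session setup) not permitted to access this share (install)
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\]\s+(?P<src>\S+)\s*(?P<rest>.*)$")
GUEST_DENIED = re.compile(r"guest user \(from session setup\) not permitted to access this share \((?P<share>[^)]+)\)")
ERROR_PACKET = re.compile(r"error packet at \S+ cmd=\d+ \((?P<cmd>\w+)\) (?P<status>NT_STATUS_\w+)")

def parse_records(text):
    """Pair each '[timestamp, level] source' header with the message that follows it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"ts": m["ts"], "level": int(m["level"]), "src": m["src"], "msg": m["rest"].strip()})
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def guest_denials(text):
    """Return [(timestamp, share, status)] for tree connects refused to a guest session."""
    findings, pending = [], None
    for rec in parse_records(text):
        denied = GUEST_DENIED.search(rec["msg"])
        packet = ERROR_PACKET.search(rec["msg"])
        if denied:
            pending = [rec["ts"], denied["share"], None]
            findings.append(pending)
        elif packet and pending and pending[2] is None:
            pending[2] = packet["status"]  # error reply that followed the refusal
    return [tuple(f) for f in findings]

def denials_per_share(text):
    """Count guest refusals per share, to see which share the client reached without credentials."""
    return Counter(share for _, share, _ in guest_denials(text))
```

A refusal reported here means the client arrived at that share without usable credentials and was treated as guest, which is the situation the thread diagnoses for the SYSTEM account.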
Re: [wpkg-users] WPKG and Vista UAC
Vladimír Pšenička wrote:

(...)

> guest user (from session setup) not permitted to access this share (install)
>
> problem is that guest user cannot access share, so I added guest ok = yes to smb.conf, before this I had Domain Admin account in WPKG execute context user, so access to share wasn't problem, but Vista with UAC didn't work (need to elevate user rights).
>
> Finally I have:
> ---
> WPKG path user: domain user
> WPKG execution context user: SYSTEM
> guest ok = yes in smb.conf in share definition on samba machine
> ---
> and everything works fine on XP and Vista with UAC

Note that with this setting *everyone* can access this share.

What is still not clear to me: is your software share a different one from the WPKG share (the one where you keep wpkg.js)?

If yes, you may indeed have problems accessing them.

Using one single share for both software (installers) and WPKG (wpkg.js, config.xml, package definitions) is the recommended one I'd say.

--
Tomasz Chmielewski
http://wpkg.org
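Following the note that guest ok = yes opens the share to everyone, an added example (not from the thread or from the WPKG or Samba projects) that lists the shares in an smb.conf which admit guests and whether they are writable. The sample smb.conf is constructed and the function names are this example's own; it assumes simple "key = value" lines without backslash continuations.

```python
# Constructed smb.conf; [install] is the share named in the thread's log, the rest is made up.
SAMPLE_SMB_CONF = """\
[install]
   guest ok = yes
[drop]
   public = yes
   writeable = yes
[private]
   valid users = @wpkg-readers
"""

TRUE = {"yes", "true", "1"}
GUEST_KEYS = ("guestok", "public")  # "public" is a synonym for "guest ok"
# Value True marks an inverted parameter: "read only = yes" means not writable.
WRITE_KEYS = {"readonly": True, "writeable": False, "writable": False, "writeok": False}

def parse_smb_conf(text):
    """Return {section: {key: value}}; keys are lower-cased with spaces removed, as Samba ignores both."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.replace(" ", "").lower()] = value.strip()
    return sections

def lookup(share, defaults, keys):
    """First matching key in the share, then in [global]; returns (key, bool) or (None, None)."""
    for scope in (share, defaults):
        for key in keys:
            if key in scope:
                return key, scope[key].lower() in TRUE
    return None, None

def audit_guest_shares(text):
    """Return [(share, writable)] for every share that admits unauthenticated guests."""
    conf = parse_smb_conf(text)
    defaults = conf.get("global", {})
    findings = []
    for name, params in conf.items():
        if name == "global":
            continue
        _, guest = lookup(params, defaults, GUEST_KEYS)
        if guest:
            key, value = lookup(params, defaults, tuple(WRITE_KEYS))
            writable = key is not None and value != WRITE_KEYS[key]
            findings.append((name, writable))
    return findings
```

A guest-readable installer share lets anyone on the network fetch the packages; a guest-writable one would let anyone replace what the SYSTEM-context service later executes, so the second column is the one to review first.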
Re: [wpkg-users] WPKG and Vista UAC
Yes, they are on different shares (machines): WPKG (wpkg.js, xml files etc.) is in the netlogon share on the PDC (samba) and the software installers are on the BDC (samba).
Is this any problem?

Tomasz Chmielewski wrote:
> Vladimír Pšenička wrote:
>
> (...)
>
>> guest user (from session setup) not permitted to access this share (install)
>>
>> problem is that guest user cannot access share, so I added guest ok = yes to smb.conf, before this I had Domain Admin account in WPKG execute context user, so access to share wasn't problem, but Vista with UAC didn't work (need to elevate user rights).
>>
>> Finally I have:
>> ---
>> WPKG path user: domain user
>> WPKG execution context user: SYSTEM
>> guest ok = yes in smb.conf in share definition on samba machine
>> ---
>> and everything works fine on XP and Vista with UAC
>
> Note that with this setting *everyone* can access this share.
>
> What is still not clear to me: is your software share a different one from the WPKG share (the one where you keep wpkg.js)?
>
> If yes, you may indeed have problems accessing them.
>
> Using one single share for both software (installers) and WPKG (wpkg.js, config.xml, package definitions) is the recommended one I'd say.

--
Vladimir Psenicka
IT system engineer
Prodeco a.s.
Re: [wpkg-users] WPKG and Vista UAC
Hi Vladimír

Vladimír Pšenička wrote:
> Yes they are on different shares (machines): WPKG (wpkg.js, xml files etc.) are in netlogon share on PDC (samba) and software installers are on BDC (samba).
> Is this any problem?

Yes, this might be a problem. WPKG client connects to the share where wpkg.js is supposed to be using the configured credentials. It does not connect to the share where the packages are stored. WPKG client even does not know about this share since the path is specified within the package definitions (which are known only to wpkg.js).

As a result wpkg.js tries to connect to this share. Windows does not know about specific logon credentials and therefore connects as guest.

As a work-around you might use a pre-execution script within the configuration of WPKG client like..

@echo off
echo Connecting share
net use x: \\server\share /USER:DOMAIN\user password /PERSISTENT:NO

As a result when wpkg.js accesses \\server\share\path\to\some\files... it will use the credentials already saved by the command above.

br,
Rainer